Closed abarke closed 1 week ago
Thanks for pointing this out to us. It is currently not an issue for anyone using this sdk, as security vulnerabilities don't affect any of the functions used by this sdk. We will leave this issue open for when we update to the latest ws version.
[like] Alexander Barker reacted to your message:
From: Joseph Klix
Sent: Monday, July 22, 2024 10:57:35 PM
To: aws/aws-iot-device-sdk-js-v2
Cc: Alexander Barker; Author
Subject: Re: [aws/aws-iot-device-sdk-js-v2] npm audit - 2 vulnerabilities found - Severity: 2 high (Issue #517)
This should be addressed in the v1.21.0 release.
This issue is now closed. Comments on closed issues are hard for our team to see. If you need more assistance, please open a new issue that references this one.
Describe the bug
Need to update dependencies.
Expected Behavior
No vulnerabilities found
Current Behavior
2 vulnerabilities found Severity: 2 high
Reproduction Steps
npm audit
Possible Solution
I found a solution to the first dependency by simply adding this to package.json:
However the second vulnerability requires that mqtt@4.3.8 library is updated to mqtt@>=5.7.2
Ref to "ws": "^8.17.1": https://github.com/mqttjs/MQTT.js/blob/v5.7.2/package.json#L127
That means that https://www.npmjs.com/package/aws-crt must also update to mqtt@>=5.7.2 being a major change.
Additional Information/Context
No response
SDK version used
v1.20.0
Environment details (OS name and version, etc.)
Windows 11
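Added example, not part of the original issue or the SDK's own code: a JavaScript walker over a package-lock.json (v3 layout) that lists every installed copy of a package and the chain of dependents pulling it in, which is one way to confirm the aws-crt > mqtt > ws path discussed in this issue and to check whether a package.json change actually replaced a nested copy. The lockfile is a constructed sample, and `resolveDep` and `dependencyChains` are hypothetical helper names.

```javascript
// Constructed sample in package-lock.json v3 layout ("packages" keyed by install path).
// Only SDK 1.20.0, mqtt 4.3.8 and ws 8.17.1 appear in the issue; other versions/ranges are placeholders.
const sampleLock = { packages: {
  "": { dependencies: { "aws-iot-device-sdk-v2": "1.20.0", ws: "^8.17.1" } },
  "node_modules/aws-iot-device-sdk-v2": { version: "1.20.0", dependencies: { "aws-crt": "*" } },
  "node_modules/aws-crt": { version: "0.0.0-sample", dependencies: { mqtt: "^4.3.8" } },
  "node_modules/mqtt": { version: "4.3.8", dependencies: { ws: "*" } },
  "node_modules/mqtt/node_modules/ws": { version: "0.0.0-sample" },
  "node_modules/ws": { version: "8.17.1" },
} };

// Node's lookup rule: try <from>/node_modules/<name>, then each ancestor's node_modules.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not installed (e.g. skipped optional dependency)
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Returns one "root > ... > target@version" string per path to each installed copy.
function dependencyChains(lock, target) {
  const packages = lock.packages;
  const dependents = {}; // installed path -> paths of packages that resolve to it
  for (const [path, meta] of Object.entries(packages)) {
    const deps = { ...meta.dependencies, ...meta.devDependencies, ...meta.optionalDependencies };
    for (const name of Object.keys(deps)) {
      const resolved = resolveDep(packages, path, name);
      if (resolved) (dependents[resolved] = dependents[resolved] || []).push(path);
    }
  }
  const label = (p) =>
    p === "" ? "(root project)" : `${p.split("node_modules/").pop()}@${packages[p].version}`;
  const chains = [];
  const walk = (path, trail) => {
    const next = [label(path), ...trail];
    if (path === "") { chains.push(next.join(" > ")); return; }
    for (const parent of dependents[path] || []) {
      if (!next.includes(label(parent))) walk(parent, next); // guard against cycles
    }
  };
  for (const path of Object.keys(packages)) {
    if (path === "node_modules/" + target || path.endsWith("/node_modules/" + target)) walk(path, []);
  }
  return chains;
}

console.log(dependencyChains(sampleLock, "ws").join("\n"));
```

On a real project, pass the parsed contents of package-lock.json instead of `sampleLock`; a nested copy showing up under mqtt means the top-level version is not the one mqtt loads.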